(WebKit::inspectorFilesBasePath): Base folder for inspector resources.
(WebKit::inspectorWindowDestroyed): Invoked when inspector window is closed by user.
(WebKit::WebInspectorProxy::windowDestroyed): Resets the native handles to 0 when user closes the window.
(WebKit::WebInspectorProxy::platformCreateInspectorPage): Create the WebView for inspector.
(WebKit::WebInspectorProxy::platformOpen): Create the window for inspector.
(WebKit::WebInspectorProxy::platformDidClose): Close both WebView & window of inspector.
(WebKit::WebInspectorProxy::platformInspectedURLChanged): Update the title of inspector window.
(WebKit::WebInspectorProxy::inspectorPageURL): Return the absolute URL of inspector.html.
(WebKit::WebInspectorProxy::inspectorBaseURL): Return the location where inspector resources are present.
WebProcess is given read access to this folder only for loading file URLs by sandboxed extension.

De-virtualized JSCell::toObject and changed its implementation to manually check the
cases for JSString and JSObject rather than leaving it up to the virtual method call.

runtime/JSCell.cpp:

(JSC::JSCell::toObject):

runtime/JSCell.h:

Removed JSNotAnObject::toObject because the case for JSObject works for it.
Also removed JSObject::toObject because it was essentially the identity function,
which is not necessary since toObject is no longer virtual.

This separates how a variable is stored (i.e. its virtual register)
from how it's predicted. Each variable now takes a
VariableAccessData as its operand, instead of the virtual register.
The VariableAccessData stores the operand and the prediction. If
multiple uses of a variable are aliased, their VariableAccessDatas
are unified.

This also adds tracking of which argument values are used. It
correctly observes that an argument value is not used, if the
argument is assigned to inside the function before being used.

This also adds tracking of which variables are live at the head of
a basic block, and separates that from a variable being live at the
tail.

Finally, this communicates to both OSR entry and OSR exit code how
a variable is predicted at a particular point in the code, rather
than just communicating how it was predicted in the entire code
block (since with this patch there is no longer the notion of a
variable having just one prediction for a code block).

Converted to removeUnrenderedTextNodesAtEnds to use InsertedNodes instead of m_firstNodeInserted
and m_lastLeafInserted. Extracted the logic to update nodes as InsertedNodes::willRemoveNode
(old one was renamed to InsertedNodes::willRemoveNodePreservingChildren).

Also extracted shouldPerformSmartReplace and addSpacesForSmartReplace out of doApply,
and rewrote the logic to obtain endNode and startNode using startOfInsertedContent and
endOfInsertedContent instead of m_firstNodeInserted and m_lastLeafInserted.

Finally, replaced the nullity checks of m_firstNodeInserted and m_lastLeafInserted in
completeHTMLReplacement by nullity checks of start and end positions.

<rdar://problem/10191243> Glyph variants (line final swashes) appear where they should not

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/text/line-initial-and-final-swashes.html

Hoefler Text Italic enables line-initial and -final swashes by default, so disable them. This
change targets only this known-bad font rather than all fonts, because at least one font (Khmer MN)
incorrectly claims to have the line-initial feature enabled, but disabling it actually does
something different and bad (breaking some combining marks).

platform/graphics/cocoa/FontPlatformDataCocoa.mm:

(WebCore::createFeatureSettingDictionary): Added this helper function.
(WebCore::cascadeToLastResortFontDescriptor): Deployed WTF_ARRAY_LENGTH().
(WebCore::cascadeToLastResortAndDisableSwashesFontDescriptor): Added. Returns a font descriptor
that, in addition to having a cascade list consisting of the last resort font, also has feature
settings to disable line-initial and line-final swashes.
(WebCore::FontPlatformData::ctFont): For Hoefler Text Italic, use cascadeToLastResortAndDisableSwashesFontDescriptor().

Removed a special case for updatingControlTints phase. The same case is present in cross-platform
code now, and Qt doesn't have any custom subclasses of ScrollableArea or ScrollView to need
special handling.
This was added in r37377 without a bug or much ChangeLog explanation.

Inlined the method table access and call to the visitChildren function (the only call sites
to visitChildren are here).

heap/MarkStack.cpp:

(JSC::SlotVisitor::visitChildren):

Changed the field name for the visitChildren function pointer to visitChildren (from
visitChildrenFunctionPtr) to make call sites less verbose.

runtime/ClassInfo.h:

Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but
overrides visitChildren, so it needs to have its own ClassInfo.

runtime/JSBoundFunction.cpp:

runtime/JSBoundFunction.h:

Had to move className up to make sure that the virtual destructor in JSObject wasn't
the first non-inline virtual method in JSObject (as per the comment in the file).
Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able
to mitigate the cost of an extra method call.

Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make
call sites more concise. Implementation is inline in JSObject.h.

runtime/JSObject.h:

(JSC::JSCell::methodTable):

runtime/JSCell.h:

Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to
appease the vtable gods. It refused to compile if there were no virtual methods in
both of these classes due to the presence of a weak vtable pointer.

runtime/JSWrapperObject.cpp:

(JSC::JSWrapperObject::~JSWrapperObject):

runtime/JSWrapperObject.h:

runtime/ScopeChain.cpp:

(JSC::ScopeChainNode::~ScopeChainNode):

runtime/ScopeChain.h:

Source/JavaScriptGlue:

Removed the remaining visitChildrenVirtual methods. This patch completes the process of
de-virtualizing visitChildren.

UserObjectImp.cpp:

UserObjectImp.h:

Source/WebCore:

No new tests.

Removed the remaining visitChildrenVirtual methods. This patch completes the process of
de-virtualizing visitChildren.

QWidget and friends now live in the QtWidgets library. We update
includes in implementation files and private headers to us the
non-module-prefixed path, and leave the lookup for the include
path. For public headers we have to ifdef the includes as the
user might now have the modules we need in his QT config.

Finally, QSGCanvas is no longer a QWidget but a QWindow, so we
have to update our code and use windowHandle() for setting the
parent relationships.

If an ARIA Live region udpates an element that is not in the AX object cache, then the Live region
notification is not sent. To fix this, the childrenChanged() method needs to actually create
the appropriate objects, but since that method gets called during a render tree update, we've learned
that it's generally not safe to create objects.

Instead a one shot timer can be fired that will update and create the necessary objects so that the
correct notification can be sent.

Moved Chromium's generic implementation of Frame::nodeImage and
Frame::dragImageForSeletion to Frame.cpp and simply excluded via
#ifdefs platforms that do not have their own implementation. Removed
all empty implementations of these functions and Qt's which was
functionally identical.

No new tests. Drag-and-drop drag image functionality changes
are incredibly difficult to test in a non-manual way.

There is a test with 30 requests.
For the each stage of loading a resource we have an entry in _staleResources array. There are at least 4 stages per request.
NetworkLogView._refresh function is creating/updating the resource row for the each such entry.
This array can be replaced with a hash map just because the resource associated with the entry is the same for all the entries with the same request id.

Don't use the identity element to avoid painting of the in-window
video. Instead simply make the sink aware of the fullscreen state
and ignore buffers if fullscreen and autovideosink are
active. Also fixed two deadlocks happening when a paused pipeline
is switched to fullscreen and when fullscreen is disabled for a
paused pipeline.

All calls out are expecting stdcall conventions, but the default on OS X are cdecl.
Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
directly to std library functions like fmod - leave these calls obeying the default
platform calling convention.

Nearly all of the work in this was done by Simon Fraser; I'm
just repackaging it and cleaning it up a bit. This change
modifies port.diff_image() to return a tuple of (pass/fail,
%age), adds the value to the FailureImageHashMismatch, and
writes the value into the full_results.json files to be
displayed in the results page.

This patch moves garden-o-matic from getting full_results.json from
test-results.appspot.com to getting that information directly from the
buildbot. This patch improve the load time and accuracy of
garden-o-matic because test-results.appspot.com is slow and is dropping
a significant number of writes (see​https://bugs.webkit.org/show_bug.cgi?id=68748).

Also fixed editing/deleting/regional-indicators.html as done in the original patch.
(The fix was included in the original patch but webkit-patch could not apply because of some exotic characters in the test.)

Patch suggested by Sam Weinig. It's unclear to me how to test this
change because all our tests run on non-default ports, which is why we
have this bug in the first place. Mozilla uses a proxy while testing
so they can test with URLs like ​http://example.com, but we don't have
such a facility.

We are currently using the WorQueue name as thread name which in
this moment can be com.apple.WebKit.ProcessLauncher or
com.apple.CoreIPC.ReceiveQueue. Both names are longer than 31
characters which is the limit of Visual Studio for thread
names. When log is enabled createThread() will assert instead of
truncate the name, so we need to make sure we don't use a name
longer than 31 characters.

Revert change which broke displaying end script tags in view-source, instead
deal with any trailing </script> tag included by mistake in the XSSAuditor
itself. Correct tests to detect the missing close tags.​https://bugs.webkit.org/show_bug.cgi?id=68898

(webkitWebViewConstructed): Create the loader client for the view.
(webkit_web_view_init):
(webkit_web_view_get_loader_client): Get the current loader client.
(webkit_web_view_set_loader_client): Set a new loader client.

The SolarWalk binary does not link against WebKit.framework directly,
so calling NSVersionOfLinkTimeLibrary() will not return the version of
WebKit against which SolarWalk was linked. Since Solar Walk has
released an update that addresses the issue for which this app-specific
hack was originally added, we should just remove the hack.

Only invalidate the cache of a filter when target style changes, as of the different types of cached
resources, only filters make use of the style of the target element and thus need to be invalidated
when the target style changes.

Doing value->isPrimitiveValue() is relatviely expensive, so moving it after the early returns but
before the result is used saves a significant number of cycles. (Tested with Shark profiler in Safari).

When web socket is disabled, there is a build break in WebKit EFL port.
Currently, web socket is enabled by default in build-webkit script.
Thus, the web socket is also enabled in EFL script of cmake build system for now.
Because, WebKit EFL developers can't work on latest WebKit trunk.

This change revealed a bug in removeUnrenderedTextNodesAtEnds that text nodes without any visible
text at ends are not removed when it has a render object. Fixed the bug by checking the length of
the rendered text. (Tested by editing/pasteboard/pasting-word-in-div-extra-line.html)

This further revealed that caretMaxRenderedOffset doesn't return an offset and caretMaxRenderedOffset
on InlineBox, InlineTextBox, RenderObject, RenderBR, RenderPlaced are never called. To address this
issue, renamed caretMaxRenderedOffset to renderedTextLength for RenderText and removed the rest.

This introduces an interface TextureAllocator that the TextureManager uses to allocate/deallocate textures.
This means that TextureManager does not need to depend directly on GraphicsContext3D, other than for the format
enum type, making it more testable. It also allows us to track the allocations by subclassing TextureAllocator
to make sure we aren't leaking any textures.

This test disables the expected failures tab. The web inspector showed
that loading the data for this tab was slowing down the loading time
for the whole app. We need to find a way to load that data lazily.

This patch also improves the update message to better describe the
progress the app is making analyzing data from the buildbot.

Currently, some tests in fast/events/constructors/message-event-constructor.html
are failing or crashing in DRT, as we commented in the test file.
This is because MessageEvent.data is implemented as SerializedScriptValue,
and thus it cannot keep ScriptValue passed by JavaScript.
This is the same issue as the bug (​https://bugs.webkit.org/show_bug.cgi?id=68345).
We will soon make a follow-up patch to fix these failures, after this
patch is landed.

Test: fast/events/constructors/message-event-constructor.html

bindings/generic/EventConstructors.h: Added a definition for the MessageEvent constructor.

bindings/js/JSDictionary.cpp:

(WebCore::JSDictionary::convertValue): Generates MessagePortArray from the list of message ports in the format of JSValues.

The accelerated drawing code is incompatible with threaded compositing. Rather than tying the two behaviors
together via USE(THREADED_COMPOSITING), this patch guards the accelerated drawing code with its own USE() guard
so the features can advance independently. Today, it's not safe to set both of these flags.

In this patch we just extract the bodies of the virtual getCallData methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of getCallData into our own method table stored in
ClassInfo. We need to convert the methods to static methods because static methods
can be represented as function pointers rather than pointers to member functions, and
function pointers are smaller and faster to call than pointers to member functions.

In this patch we just extract the bodies of the virtual getCallData methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of getCallData into our own method table stored in
ClassInfo. We need to convert the methods to static methods because static methods
can be represented as function pointers rather than pointers to member functions, and
function pointers are smaller and faster to call than pointers to member functions.

In this patch we just extract the bodies of the virtual visitChildren methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of visitChildren into our own custom vtable stored in
ClassInfo. We need to convert the methods to static methods in order to be
able to more easily store and refer to them in our custom vtable since normal
member methods store some implicit information in their types, making it
impossible to store them generically in ClassInfo.

In this patch we just extract the bodies of the virtual getCallData methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of getCallData into our own method table stored in
ClassInfo. We need to convert the methods to static methods because static methods
can be represented as function pointers rather than pointers to member functions, and
function pointers are smaller and faster to call than pointers to member functions.

In this patch we just extract the bodies of the virtual getCallData methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of getCallData into our own method table stored in
ClassInfo. We need to convert the methods to static methods because static methods
can be represented as function pointers rather than pointers to member functions, and
function pointers are smaller and faster to call than pointers to member functions.

Sets a static bool during GraphicsLayer::paintGraphicsLayerContents and ASSERT()s that we never create or
destroy a GraphicsLayer inside this function. Painting should never mutate the GraphicsLayer tree.

Use the logicalWidth of the flexbox instead of it's availableLogicalWidth
so that we include the flexbox's border and padding.

Also, change all uses of availableLogicalWidth to contentLogicalWidth.
The former takes multi-column into account. Multi-column flexboxes don't
make any sense, so there's no point in calling availableLogicalWidth.

Clamp all resources to the same size, 4096x4096 (arbitrarily chosen), instead of to the size
of the <svg> element. This fixes the case where a transformed element displays part of a resource
outside of the size of the <svg> element.

When drawing an oversized pattern into its tile image, scale the content down to fit. When drawing
the tile image to the screen, scale it back up to fit the expected area. This will cause pixelation
when patterns are over the 4k limit.

pattern-excessive-malloc is so excessive that it runs into the floating point precision barrier
when determining the scale to draw the pattern at; drop the size two orders of magnitude, which is
still very excessive but easier to draw with.

Add a test (transformed-pattern-clamp-svg-root.svg) that ensures that patterns on transformed
elements are displayed correctly, instead of being clamped to the size of the <svg> element.

Add a test (oversized-pattern-scale.svg) that ensures that oversized patterns are correctly drawn
into the pattern tile scaled down and then are scaled back up when drawn to the screen.

FrameView::layout() calls adjustViewSize() before calling RenderLayer::updateLayerPositions().
The former may trigger painting with a layer tree that is not entirely up-to-date. Specifically,
the isPaginated() state of a layer may be incorrect, leading to the assertion in this bug. Instead
of asserting, return early and count on the upcoming updateLayerPositions() to repaint as needed.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintPaginatedChildLayer): Replaced the assertion with an early return.

Extracted the logic to find the highest ancestor to remove as highestNodeToRemoveInPruning from prune.
This reduces the number of node removals from O(n) to O(1) where n is the depth of the tree.

editing/CompositeEditCommand.cpp:

(WebCore::hasARenderedDescendant): Takes excludedNode in addition to node. excludedNode is used to ignore
the child node from which we climbed up the tree in highestNodeToRemoveInPruning.
(WebCore::highestNodeToRemoveInPruning): Extracted from prune.
(WebCore::CompositeEditCommand::prune):
(WebCore::CompositeEditCommand::breakOutOfEmptyMailBlockquotedParagraph):

Paginated floats should not grow the height of a block when they don't end
up being tied to a line. Floats encountered in skipLeadingWhitespace that
paginate can't immediately grow the height of the block, since there may not
end up being any actual line content. We only want to push the height of the
block down if we have actual line content that we want to keep with the
float.

Make positionNewFloatOnLine check if the line is empty or not, and if it is,
it just puts the desired pagination strut into LineInfo. If and when actual
line content is encountered and setEmpty becomes false, we'll grow the block
height then.

Changed JSCell::getPrimitiveNumber to manually handle the dispatch for
JSCells (JSObject and JSString in this case).

runtime/JSCell.cpp:

(JSC::JSCell::getPrimitiveNumber):

runtime/JSCell.h:

Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't
matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
can cover the case for JSNotAnObject.

runtime/JSNotAnObject.cpp:

runtime/JSNotAnObject.h:

De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber
and changed them to be const. Also made JSString::getPrimitiveNumber public
because it needs to be called from JSCell::getPrimitiveNumber and also since it's
no longer virtual, we want people who have a more specific pointer (JSString*
instead of JSCell*) to not have to pay the cost of a virtual method call.

Add a filter property to RenderStyle when ENABLE(CSS_FILTERS)
is turned on. Similar to -webkit-transform, -webkit-filter is a
list of FilterOperations, each identifying what type of operation
it is. This change simply adds the basic objects, it does not
parse the property to generate the list.

This introduces an interface TextureAllocator that the TextureManager uses to allocate/deallocate textures.
This means that TextureManager does not need to depend directly on GraphicsContext3D, other than for the format
enum type, making it more testable. It also allows us to track the allocations by subclassing TextureAllocator
to make sure we aren't leaking any textures.

However, in some cases it is not even possible to connect to the
"frame,created" signal to properly monitor the
"load,document,finished" signal, as the former is not emitted.
fast/frames/frame-unload-crash.html, for example, has a page with an
iframe inside an iframe, and this innermost iframe does not seem to be
loaded via FrameLoaderClientEfl::createFrame (which calls all the
machinery which then emits the "frame,created" signal).

We now make ewk_frame_load_document_finished() call the newly-created
ewk_view_load_document_finished() function, whose job is to emit the
"load,document,signal" with the frame as its parameter. This way, one
can just connect to the view and make sure all the signals will get
delivered.

When non-overlay scrollbars are hidden on a composited iframe, nothing invalidated
the scrollbar areas or the scroll corner, so the scrollbars appear to remain.

Fix by invalidating the scrollbars and scroll corner when they are removed. Invalidation
on scrollbar creation appears to happen via updating the scrollbar style.

Tested by compositing/iframes/repaint-after-losing-scrollbars.html which no longer shows
stale scrollbars when run manually, even though the green squares are missing from the
pixel result (bug 67878).

(WebCore::ScrollView::setHasHorizontalScrollbar): Invalidate the scrollbar area if hiding it.
(WebCore::ScrollView::setHasVerticalScrollbar): Ditto.
(WebCore::ScrollView::updateScrollbars): In the case where both scrollbars are going away,
compute the scroll corner rect while we still have scrollbars, and then invalidate it
explicitly. (updateScrollCorner() doesn't, because it doesn't have access to the old corner
rect.)

platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::invalidateScrollCorner): Pass the rect in, because we can't
compute it in the case where the scrollbars are going away.

platform/ScrollableArea.h: Pass in a rect to invalidateScrollCorner(), which matches

Use webkit_web_context_get_default() instead of
WKContextGetSharedProcessContext() and add API to create a view
with a given web context and to return the current context
associated to the view.

GNUmakefile.am: Add new files to compilation.

UIProcess/API/gtk/WebKitPrivate.h: Added.

UIProcess/API/gtk/WebKitWebContext.cpp:

(webkitWebContextGetWKContext): Private API to get the WKContext
wrapped by the WebKitWebContext.

UIProcess/API/gtk/WebKitWebContextPrivate.h: Added.

UIProcess/API/gtk/WebKitWebView.cpp:

(webkitWebViewConstructed): Create the webpage using the web
context of the view.
(webkitWebViewSetProperty):
(webkitWebViewGetProperty):
(webkit_web_view_init):
(webkit_web_view_class_init):
(webkit_web_view_new): Create a new view with the default context.
(webkit_web_view_new_with_context): Create a new view with the
given context.
(webkit_web_view_get_context): Return the context.

Previously, the test and builder names were displayed in an arbitrary
order that changed from time to time. That confused one user study
participant. This patch sorts the lists so that they occur in a
predictable order.

This is Yet Another Missing updateFont (similar to bug 57756 and likely others). Here the issue is that
applying one of the font properties could mutate the parent style's font if m_parentStyle == m_style.
We would then query the newly created font when applying CSSPropertyFontSize, which has no font fallback
list as Font::update was never called.

The right fix would be to refactor of how we handle fonts to avoid such manual updates (see bug 62390).
Until this happens, it is better not to crash.

css/CSSStyleSelector.cpp:

(WebCore::CSSStyleSelector::applyProperty): Added updateFont() here as the fonts could have been
mutated by the previous property change. Also added a comment explaining why it is safe to do it
this way.

Add a function to BitmapTexture for direct pixel updates.
Modify BitmapTextureGL::endPaint to use that function. Since the BGRA
to RGBA swizzling is done inside that function, there's no need for the
RGBA32PremultipliedBuffer class to contain such function. Also,
RGBA32PremultipliedBuffer was renamed to BGRA32PremultipliedBuffer, correcting
an old mistake.

QWidget and friends now live in the QtWidgets library. We update
includes in implementation files and private headers to us the
non-module-prefixed path, and leave the lookup for the include
path. For public headers we have to ifdef the includes as the
user might now have the modules we need in his QT config.

Finally, QSGCanvas is no longer a QWidget but a QWindow, so we
have to update our code and use windowHandle() for setting the
parent relationships.

Expose a linkHovered() signal in QDesktopWebView, that passes the QUrl and the
QString corresponding to the link title. I left textContent out because was
unsure of its use case.

In QDesktopWebView we store the last URL and title emitted to make sure we send
the signal only if either value changes. Tests were added to the QML element to
check: if values are correctly emitted and if we don't emit more signals than
necessary.

Clients should use uiSourceCode(), rawLocationToUILocation(), uiLocationToRawLocation() methods of SourceMapping class.
Initially, RawSourceCode may not have associated SourceMapping, so it is natural to extract this methods and associated state to a separate class.

(webkit_dom_blob_slice): alias to the new method name.
(webkit_dom_html_form_element_dispatch_form_change): this was
removed from WebCore, so just print a warning about it.
(webkit_dom_html_form_element_dispatch_form_input): ditto.

This is because PopStateEvent.state is implemented not as ScriptValue but as SerializedScriptValue.
However, we cannot simply change the type of PopStateEvent.state to ScriptValue,
since PopStateEvent can be constructed in the context that does not know ScriptValue.
For example, Document.cpp calls PopStateEvent::create() with SerializedScriptValue
popped from HistoryItem, but we cannot deserialize the SerializedScriptValue into
the corresponding ScriptValue here because the deserialization requires ExecState.
In other words, although we want to store PopStateEvent.state by ScriptValue internally,
PopStateEvent still needs to provide an API to construct it with SerializedScriptValue.
With these observations, this patch makes the following changes:

If PopStateEvent is constructed with ScriptValue, it is stored as ScriptValue internally.

When PopStateEvent.state is called, the ScriptValue is returned.

If PopStateEvent is constructed with SerializedScriptValue, it is stored as

SerializedScriptValue internally (since we cannot deserialize it into ScriptValue
at this point). When PopStateEvent.state is called, the SerializedScriptValue is
deserialized into the corresponding ScriptValue, and the ScriptValue is returned.

When non-overlay scrollbars are hidden on a composited iframe, nothing invalidated
the scrollbar areas or the scroll corner, so the scrollbars appear to remain.

Fix by invalidating the scrollbars and scroll corner when they are removed. Invalidation
on scrollbar creation appears to happen via updating the scrollbar style.

Tested by compositing/iframes/repaint-after-losing-scrollbars.html which no longer shows
stale scrollbars when run manually, even though the green squares are missing from the
pixel result (bug 67878).

(WebCore::ScrollView::setHasHorizontalScrollbar): Invalidate the scrollbar area if hiding it.
(WebCore::ScrollView::setHasVerticalScrollbar): Ditto.
(WebCore::ScrollView::updateScrollbars): In the case where both scrollbars are going away,
compute the scroll corner rect while we still have scrollbars, and then invalidate it
explicitly. (updateScrollCorner() doesn't, because it doesn't have access to the old corner
rect.)

platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::invalidateScrollCorner): Pass the rect in, because we can't
compute it in the case where the scrollbars are going away.

platform/ScrollableArea.h: Pass in a rect to invalidateScrollCorner(), which matches

Scrollbars in composited elements were getting drawn twice,
because r41203 moved the call to paintOverflowControls() out of
RenderLayer::paintLayer(), but forgot to change RenderLayerBacking::paintIntoLayer().

Test: compositing/scrollbar-painting.html

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::paintIntoLayer):

LayoutTests:

Reviewed by Sam Weinig.

Pixel test with translucent scrollbars, to test whether they get
rendered twice.

(JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
enough; we also need to test that a pointer is beyond the metadata section
of a MarkedBlock, to avoid treating random metadata as a JSCell.

allowing the automatic ref counting to work. This was previous needed when
the ref counting wasn't working but that was fixed in r94986. Note that the
design was to have ref counting since the methods take PassRefPtr and the
class is ThreadSafeRefCounted. (Ideally we have noticed this flaw when
adding in AllowCrossThreadAccess.)
(WebKit::WorkerFileWriterCallbacksBridge::postWriteToMainThread):
(WebKit::WorkerFileWriterCallbacksBridge::postTruncateToMainThread):
(WebKit::WorkerFileWriterCallbacksBridge::postAbortToMainThread):
(WebKit::WorkerFileWriterCallbacksBridge::didWrite):
(WebKit::WorkerFileWriterCallbacksBridge::didFail):
(WebKit::WorkerFileWriterCallbacksBridge::didTruncate):
(WebKit::WorkerFileWriterCallbacksBridge::postInitToMainThread):
(WebKit::WorkerFileWriterCallbacksBridge::dispatchTaskToMainThread):
(WebKit::WorkerFileWriterCallbacksBridge::dispatchTaskToWorkerThread):

The changes are tested by compiling and added compile asserts to do some verification as well.

platform/CrossThreadCopier.cpp:

Added some compile asserts to verify various match and non-matches for CrossThreadCopier.

platform/CrossThreadCopier.h:

Added a typedef to convert T* to T, just like the typedef's to remove RefPtr and PassRefPtr.
Added a compile assert to verify that only one of the typedefs did anything.
(CrossThreadCopierBase<false, true, T>::copy): Remove "get" as it is unnecessary.
It shouldn't have been here (PassRefPtr and RefPtr easily and sometimes more efficiently
convert to PassRefPtr without get). Also, a raw pointer doesn't have a get() method.

Clean up CachedResource::load(). Collapse its
logic into a single callsite, taking just a
CachedResourceLoader and a ResourceLoaderOptions.

Its 'incremental' parameter is redundant.

With 'incremental' removed, the SecurityCheckPolicy is the only
parameter difference between the CachedResource::load() variants.
Making it a part of ResourceLoaderOptions removes yet another random
enum that is passed around individually.

We currently have to call setResourceLoaderOptions() before load() on a
new CachedResource, so we should just take the ResourceLoaderOptions in load().

JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
before it was simply virtual and would crash if its implementation was called).
Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
explicitly covers all cases of toBoolean, so having a virtual implementation of
JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.

The problem was that ScrollView::overhangAmount() was returning a full-page overhang due to contentsSize() being 0 briefly during a page load, which was then getting used by ScrollAnimatorChromiumMac.mm to update the overhang on a gesture event. This change makes the relevant logic not return an overhang if the contentsSize() is empty.

Add a virtual method to ewk_view, so the Chrome gets notified if we
finished focusing all the items and would start over. This way the
browser can decide to handle the subsequent focus changes among its
widgets.

WebCoreSupport/ChromeClientEfl.cpp: call ewk_view's virtual method to

give it a chance to grab focus
(WebCore::ChromeClientEfl::canTakeFocus):

Previous expected result was Chromium-specific because console line
numbers were different in JSC.

Additionally, the test doesn't behave as expected for non-Chromium
ports (window size remains at 800x600). Update the baselines to use
that for now, so that we're still aware of regressions/progressions.

During an animation, renderers may try to paint into the FullScreenRenderer's
GraphicsLayer, and an optimization we previously added for the FullScreenRenderer's
background will cause these paints to fail. Remove this optimization in
containsPaintedContent, and taking non-composited elements into full screen will
animate correctly.

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::containsPaintedContent):

Source/WebKit2:

Do not re-enable screen updates after exiting compositing mode until a repaint has completed.

Expose WKBundlePage methods to turn on repaint rect tracking
in WebKit2, for WebKitTestRunner.

As part of the change, expose utility methods on WebPage
to get the main Frame and FrameView, which required renaming
the exisiting method that returns a WebFrame. Fix callers
of that method to handle null when necessary.

:link, :visited and :focus are quite common. They often used as univeral selectors (including in our
default stylesheet) so we try to match them for all elements in the document. They take always the
slow matching path. In addition we match link styles twice due to visited link pseudo style generation
so the overhead is doubled. As a result substantial portion of our style matching time is spent
dealing with these pseudo classes.

This patch adds new lists to RuleSet for common pseudo class rules. The rules on the lists are only checked
if the element has approprate type and stat. ases where the rightmost pseudo class can then be rejected immediately.
We can also enable the fast path checking for the rest of the selector in many cases.

This seems to be >30% progression in selector matching performance with typical style sheets. It saves ~0.9s
when loading the full HTML5 spec.

This patch adds the end point adjustment mechanism at bidi boundaries similar to the one NSTextView implements.

To understand the problem, suppose we have strong RTL letters "ABC" in a LTR block (visually laid out as CBA).

Per NSTextView convention, logical offsets between each letter is placed as (0)C(2)B(1)A(3). In other words,
placing the caret visually on the left of CBA yields the position inside the text node of "ABC" at offset 0.
Likewise, placing it between C and B yields ("ABC", 2), and placing it on the right of CBA yields ("ABC", 3).

Now suppose a user attempts to select the letter A by a mouse drag from the right of CBA to a point between
B and A. First, the initial mouse down places the selection's base at ("ABC", 3). Then as the mouse pointer
moves to a point on the left of A, the selection's extent is set at ("ABC", 1), selecting "BC".

To mitigate this issue, NSTextView adjusts selection base and extent under certain conditions. In the above
example, NSTextView detects user's intent and changes the selection's base to ("ABC", 0) temporarily.

This patch implements a similar trick on WebKit. We adjust the base or the extent when they're at the left
end or at the right end of a bidi run and the other end is inside of the run. In the above example, the
base position on the right of A is the right end of a bidi run and the extent position between B and A is
inside the same run (CBA), so we would adjust the base to be ("ABC", 0) as NSTextView does.

Take another example abcABC. Note offsets are assigned as (0)a(1)b(2)c(3)C(5)B(4)A(6) When the user starts
a mouse drag from the right of A to a point between B and A, we adjust the selection base to be ("abcABC", 3)
because the base is at the right end of a bidi run and the extent is in the same run. We keep the adjustment
when the mouse pointer moves to a point between C and B. However, when the mouser pointer reaches a point
between letters b and c, the selection extent is placed at ("abcABC", 2). Because the extent is outside of
the bidi run started from the selection base, we restore the original base at this point. Had we not done this,
we'll end up selecting just "c".

While this algorithm is implemented in FrameSelection::setNonDirectionalSelectionIfNeeded, this patch adds
various member functions to RenderedPosition to facilitate abstraction around inline boxes and bidi runs.

(WebCore::RenderedPosition::RenderedPosition):
(WebCore::RenderedPosition::prevLeafChild): Added to cache prevLeafChild of the current inline box.
(WebCore::RenderedPosition::nextLeafChild): Ditto for nextLeafChild.
(WebCore::RenderedPosition::isEquivalent): Compares two RenderedPositions considering neighboring inline boxes
so that the rightmost position in a box and the leftmost position in the following box is considered equal.
(WebCore::RenderedPosition::bidiLevelOnLeft): Added. Returns the bidi level of the run on the left. We can't
add a generic bidiLevel to this class because it'll be ambiguous at bidi boundaries.
(WebCore::RenderedPosition::bidiLevelOnRight): Ditto for the run on the right.
(WebCore::RenderedPosition::leftBoundaryOfBidiRun): Added.
(WebCore::RenderedPosition::rightBoundaryOfBidiRun): Added.
(WebCore::RenderedPosition::atLeftBoundaryOfBidiRun): Added.
(WebCore::RenderedPosition::atRightBoundaryOfBidiRun): Added.
(WebCore::RenderedPosition::positionAtLeftBoundaryOfBiDiRun): Returns Position at the left edge of a bidi run
if RenderedPosition is at such a position. Asserts atLeftBoundaryOfBidiRun.
(WebCore::RenderedPosition::positionAtRightBoundaryOfBiDiRun): Ditto for the right edge.

<​http://webkit.org/b/68809> IconDatabase::syncThreadMainLoop can assert if wakeSyncThread is called before thread starts executing

If wakeSyncThread is called before syncThreadMainLoop starts executing then m_syncThreadHasWorkToDo would be set
while executing the body of the sync thread loop, causing us to skip blocking on the condition variable. This would
lead to us hitting the assertion failure due to m_disabledSuddenTerminationForSyncThread being false, unless the main
thread happened to call wakeSyncThread a second time while the first loop iteration was executing.

Reviewed by Anders Carlsson.

loader/icon/IconDatabase.cpp:

(WebCore::IconDatabase::syncThreadMainLoop): Clear m_syncThreadHasWorkToDo to indicate that we're about to perform
all pending work.

If video textures are reclaimed (such as during a visibility change on
a tab), the dirty rect for the layer is empty and it skips out of
updating compositor resources, leaving the video textures invalid.
Instead, check the textures here to make sure they're still valid
first before early out so that they can get reupdated if necessary.

Additionally, fix a small bug in pushPropertiesTo where 1 plane RGB
videos would not get drawn because all 3 planes didn't have valid
textures.

(webkit_web_view_set_scroll_adjustments): use the existing
set{Horizontal,Vertical}Adjustment functions, so the code is not
duplicated
(webkit_web_view_dispose): unset the adjustments during dispose,
to avoid late adjustment change notifications hitting the
adjustment watcher

For now, swap RGBA->BGRA in software if we're in OpenGL ES 2.
We do that by iterating on the pixels and manually swapping each pixel's red and blue
values. This can be done faster with shaders, but for now this is a working solution
for platforms without BGRA support.

Declared/defined the MethodTable struct and added it to the ClassInfo struct.
Also defined the CREATE_METHOD_TABLE macro to generate these method tables
succinctly where they need to be defined.

Also added to it the first function to use this macro, visitChildren.

This is part of the process of getting rid of all C++ virtual methods in JSCell.
Eventually all virtual functions in JSCell that can't easily be converted to
non-virtual functions will be put into this custom vtable structure.

runtime/ClassInfo.h:

Added the CREATE_METHOD_TABLE macro call as the last argument to each of the
ClassInfo structs declared in these classes. This saves us from having to visit
each s_info definition in the future when we add more methods to the MethodTable.

Had to make visitChildren and visitChildrenVirtual protected instead of private
because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
visitChildren function pointer in their vtable since they don't provide their own
implementation. Same for RegExpObject.

runtime/JSWrapperObject.h:

runtime/RegExpObject.h:

Source/JavaScriptGlue:

Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
specified class in its ClassInfo. Also added to it the first function to use
this macro, visitChildren. This is part of the process of getting rid of all
C++ virtual methods in JSCell. Eventually all virtual functions in JSCell
that can't easily be converted to non-virtual functions will be put into
this custom vtable structure.

UserObjectImp.cpp:

Source/WebCore:

No new tests.

Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
specified class in its ClassInfo. Also added to it the first function to use
this macro, visitChildren. This is part of the process of getting rid of all
C++ virtual methods in JSCell. Eventually all virtual functions in JSCell
that can't easily be converted to non-virtual functions will be put into
this custom vtable structure.

bindings/js/JSAudioConstructor.cpp:

bindings/js/JSDOMGlobalObject.cpp:

bindings/js/JSDOMWindowBase.cpp:

bindings/js/JSDOMWindowShell.cpp:

bindings/js/JSImageConstructor.cpp:

bindings/js/JSImageDataCustom.cpp:

(WebCore::toJS):

bindings/js/JSOptionConstructor.cpp:

bindings/js/JSWorkerContextBase.cpp:

Changed the bindings generator to add the call to the CREATE_METHOD_TABLE macro where
necessary.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):
(GenerateConstructorDefinition):

bindings/scripts/test/JS/JSTestInterface.cpp:

bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

bindings/scripts/test/JS/JSTestObj.cpp:

bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

bridge/c/CRuntimeObject.cpp:

bridge/c/c_instance.cpp:

bridge/jni/jsc/JavaInstanceJSC.cpp:

bridge/jni/jsc/JavaRuntimeObject.cpp:

bridge/objc/ObjCRuntimeObject.mm:

bridge/objc/objc_instance.mm:

bridge/objc/objc_runtime.mm:

bridge/qt/qt_instance.cpp:

bridge/qt/qt_pixmapruntime.cpp:

bridge/qt/qt_runtime.cpp:

bridge/runtime_array.cpp:

bridge/runtime_method.cpp:

bridge/runtime_object.cpp:

Source/WebKit/mac:

Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
specified class in its ClassInfo. Also added to it the first function to use
this macro, visitChildren. This is part of the process of getting rid of all
C++ virtual methods in JSCell. Eventually all virtual functions in JSCell
that can't easily be converted to non-virtual functions will be put into
this custom vtable structure.

Plugins/Hosted/ProxyInstance.mm:

Plugins/Hosted/ProxyRuntimeObject.mm:

Source/WebKit2:

Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
specified class in its ClassInfo. Also added to it the first function to use
this macro, visitChildren. This is part of the process of getting rid of all
C++ virtual methods in JSCell. Eventually all virtual functions in JSCell
that can't easily be converted to non-virtual functions will be put into
this custom vtable structure.

The gtk/GtkWidgetBackingStoreCairo.cpp is moved to the cairo/WidgetBackingStoreCairo.cpp and
some codes for EFL are added.
WidgetBackingStoreCairo creates cairo_image_surface and has a role to copy reusable area
when scrolling. So, it will be used in the WebKit2 EFL port's BackingStore.

When Geoffrey Garen removed PLATFORM(BREWMP) in​http://trac.webkit.org/changeset/95555, he did not remove all the
associated code. This completes the work started in r95555 by removing
all the code assoicated with PLATFORM(BREWMP).

This gets rid of static prediction code, and ensures that we do not
try to compile code where dynamic predictions are not available.
This is accomplished by immediately performing an OSR exit wherever
a value is retrieved for which no predictions exist.

This also adds value profiling for this on functions used for calls.

The heuristics for deciding when to optimize code are also tweaked,
since it is now profitable to optimize sooner. This may need to be
tweaked further, but this patch only makes minimal changes.

This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
overall win on Kraken. It's neutral elsewhere.

<rdar://problem/10177824> IconDatabase’s use of ThreadCondition leads to assertion failures in the face of spurious wakeups

It's possible for ThreadCondition::wait to return spuriously without the condition having been signaled.
When that happens we should immediately return to waiting rather than doing our normal work, as some of that
work relies on wakeSyncThread having been called to signal the condition.

Reviewed by Sam Weinig.

loader/icon/IconDatabase.cpp:

(WebCore::IconDatabase::IconDatabase):
(WebCore::IconDatabase::wakeSyncThread): Note that we have work for the sync thread to do.
(WebCore::IconDatabase::syncThreadMainLoop): If we were woken with no work to do, immediately
go back to waiting on the condition variable. Otherwise, reset m_syncThreadHasWorkToDo and then
do that work. We also switch to moving m_disabledSuddenTerminationForSyncThread immediately in to
our local shouldReenableSuddenTermination variable since it can be updated by other threads while
we don't hold the lock. This makes it inappropriate to make assumptions about its value after dropping
and reacquiring the lock.

(WebCore::RenderRubyBase::moveBlockChildren): This was incorrectly
doing optimizations to see if current ruby base has only inline
children before beforeChild and then trying to take out them from
their parent anonymous blocks. The problem is those inlines could
be split and have continuations because of encountering a block
inside inline flow. In those cases, we cannot take the inline out.
So, we should just make children non-inline in the destination
block and transfer the children as it-is.

As discussed on webkit-dev, the Haiku port has been inactive for over a
year. A year and a half ago, we discussed removing the port, but folks
said they planned to work on it more. That work does not appear to
have happened in the intervening time.

This file should have never been committed -- the library it looks for
is called libxslt, not libxlst, so it has never really been used. When
the buildsystem looked for libxslt, it used CMake's own LibXslt.cmake
instead.